1.9 Ensure IAM password policy prevents password reuse

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

IAM password policies can prevent the reuse of a given password by the same user. It is recommended that the password policy prevent the reuse of passwords.

Rationale:

Preventing password reuse increases account resiliency against brute force login attempts.

Solution

Perform the following to set the password policy as prescribed:
From Console:

Login to AWS Console (with appropriate permissions to View Identity Access Management Account Settings)

Go to IAM Service on the AWS Console

Click on Account Settings on the Left Pane

Check 'Prevent password reuse'

Set 'Number of passwords to remember' is set to 24

From Command Line:

aws iam update-account-password-policy --password-reuse-prevention 24

Note: All commands starting with 'aws iam update-account-password-policy' can be combined into a single command.

See Also

https://workbench.cisecurity.org/files/3416